elasticsearchkibana
Kibana KQL Visualisation Filter - Exclude one value of list field
I have a elastic index with an "origin" field. This field can have either one or two strings/keywords in a list/array format like this:
"origin": [
"live"
],
or
"origin": [
"live",
"upload"
],
In Kibana I want to create a visualization that splits me the chart in
- only "live"
- only "upload" or
- both
But if I write a filter command like
origin.keyword : "live"
it obviously it true if the list contains only "live" or both like ["live", "upload"].
How do I have to write this KQL filter to only list documents where "origin" only contains the value "live" in the list?
Thanks!
Solution
You can use the "filter" aggregation for that.
Will give you graphs like this:
If you need the precise use case describe in your comment
Filters a written in kql, so don't hesitate to read the doc to construct your own cases https://www.elastic.co/guide/en/kibana/7.9/kuery-query.html
- How to view the different values in a geopoint to a Data table in Kibana Elasticsearch Maps
- Not able to start elastic search service
- Can I filter an array in elastic?
- Pyspark Streaming data to Elastic search index from Kafka topic , running in Jupyter notebook, causing failure
- How to move shards around in a cluster
- OData services with Elastic search
- How to query elasticsearch from spring with LocalDate
- Elasticsearch query to get values of multiple attributes
- I want to sort my elastic search aggregation data with most recent login for each user by there name
- bucket_script inside filter aggregation throws error
- Elasticsearch delete_by_query version conflict
- Case insensitive exact match in ElasticSearch
- How do I enable remote access/request in Elasticsearch 2.0?
- Fluent-bit - Splitting json log into structured fields in Elasticsearch
- Elasticsearch Devtools Queries (Regexp/Wildcard) - Not Working
- Elastic Search Analyzer at search time not working
- Elasticsearch 7.2.0: master not discovered or elected yet, an election requires at least X nodes
- Create TermsQuery with List<String> using elasticsearch java api client
- Elasticsearch: Use loop in Painless script
- How can I check nulls in Logstash pipeline in filter plugin?
- How to input a JSON file (array form) in Logstash?
- OpenTelemetry Export to Elastic Search without Elastic APM
- Can't connect to Elasticsearch with Node.Js on Kubernetes (self signed certificate in certificate chain)
- trying to pass params to elasticsearch getting null_pointer_exception
- 'Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes" error when indexing a list of dictionaries
- Regexp filter in Opensearch (or Elasticsearch)
- Shards and replicas in Elasticsearch
- Search document with empty array field, on ElasticSearch
- how to rename an index in a cluster?
- Merge two indices value by a common field in elasticsearch